A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #31215  by Fedor22
 Sun Jan 21, 2018 2:45 pm
Encrypts data using AES encryption, and then requires emailing the extortionists to find out the cost of the decryptor. Data is encrypted on all local and connected network drives. After encryption, shadow copies of files are deleted. Initially, Kriptovor was a password stealer, but it later received additional extortion functionality. It is distributed through email attachments, which can be called something like "Резюме на вакантную должность", which translates to "Resume for the vacant post". The addresses of the senders are constantly changing. The previously collected list includes:
MD5 hashes of the Word documents, infostealers, RAR archives and ransomware are here (plus more information about this): https://www.fireeye.com/blog/threat-res ... ptovo.html